Download the PHP package fooman/xero-php-oauth2 without Composer
On this page you can find all versions of the php package fooman/xero-php-oauth2. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download fooman/xero-php-oauth2
More information about fooman/xero-php-oauth2
Files in fooman/xero-php-oauth2
Package xero-php-oauth2
Short Description Xero PHP SDK for oAuth2 generated with OpenAPI spec 3 with PHP 8.1 support
License MIT
Homepage https://github.com/fooman/xero-php-oauth2
Informations about the package xero-php-oauth2
xero-php-oauth2
The xero-php-oauth2
SDK makes it easy for developers to access Xero's APIs in their PHP code, and build robust applications and software using small business & general ledger accounting data.
Table of Contents
- API Client documentation
- Sample Applications
- Xero Account Requirements
- Installation
- Authentication
- Configuration
- Custom Connections
- API Clients
- SDK conventions
- Contributing
API Client documentation
This SDK supports full method coverage for the following Xero API sets:
API Set | Description |
---|---|
Accounting methods |
The Accounting API exposes accounting functions of the main Xero application (most commonly used) |
Assets | The Assets API exposes fixed asset related functions of the Xero Accounting application |
Files | The Files API provides access to the files, folders, and the association of files within a Xero organisation |
Projects | Xero Projects allows businesses to track time and costs on projects/jobs and report on profitability |
Payroll (AU) | The (AU) Payroll API exposes payroll related functions of the payroll Xero application |
Payroll (UK) | The (UK) Payroll API exposes payroll related functions of the payroll Xero application |
Payroll (NZ) | The (NZ) Payroll API exposes payroll related functions of the payroll Xero application |
Object Model Documentation | Additional format of method docs, as well as full object model and field definition documentation can be found by clicking through the desired file paths |
Sample Applications
Sample apps can get you started quickly with simple auth flows and advanced usage examples.
Sample App | Description |
---|---|
starter-app |
Basic getting started code samples |
full-app |
Complete app with more complex examples |
custom-connections-starter |
Basic app showing Custom Connections - a Xero premium option for building M2M integrations to a single orgs |
Xero Account Requirements
- Create a free Xero user account
- Login to your Xero developer dashboard and create an API application
- Copy the credentials from your API app and store them using a secure ENV variable strategy
- Decide the neccesary scopes for your app's functionality
Installation
To install this SDK in your project we recommend using Composer (For OSX we recommend using Homebrew).
All third party libraries dependencies managed with Composer and the SDK requires PHP 5.6
and later.
To install the bindings via Composer, and add the xero-php-oauth2 sdk to your composer.json
and navigate to where your composer.json file is and run the command:
If no composer.json
file exists, create one by running the following command. You'll need Composer installed.
Configure PHPStorm
We've received feedback that PHPStorm IDE default file size is too small to load the AccountingApi class.
"PHPStorm seems unable to resolve the XeroAPI\XeroPHP\Api\AccountingApi class. It just shows Undefined class 'AccountingApi' and therefore can't autocomplete any of the methods etc."
To fix this, add the following to the idea.properties file to increase this limit to 5000 kilobytes
idea.max.intellisense.filesize=5000
Instructions here for configuring PHPStorm platform properties on Mac/Windows/Linux
Laravel
Xero doesn't offer support on how to use of our SDKs in different frameworks, etc. We had a recommendation by Matt @hailwood in our developer community. They integrates xero-php-oauth2 and Laravel using the following package.
- https://github.com/webfox/laravel-xero-oauth2
- https://packagist.org/packages/webfox/laravel-xero-oauth2
Authentication
Below is starter code with the authorization flow. You can use the code below by creating 4 separate PHP files and securely replacing your CLIENT_ID, CLIENT_SECRET and __REDIRECT_URI__
All API requests go through Xero's OAuth2.0 gateway and require a valid access_token
to be set on the client
which appends the access_token
JWT to the header of each request.
If you are making an API call for the first time the code below shows the auth flow using 4 separate PHP files and will work with these secure credentials replaced with your own:
- __CLIENT_ID__
- __CLIENT_SECRET__
- __REDIRECT_URI__
You can also see usage of the sdk in our sample app.
Important
The RedirectURI (ex. http://localhost:8888/pathToApp/callback.php) in your code needs to point to the callback.php file and match the RedirectURI you set when creating your Xero app.
- Point your browser to authorization.php, you'll be redirected to Xero where you'll login and select a Xero org to authorize. We recommend the Demo Company org, since this code can modify data in the org you connect to.
- Once complete, you'll be returned to your app to the redirect URI which should point to the callback.php.
- In callback.php, you'll obtain an access token which we'll use in authorizedResource.php to create, read, update and delete information in the connected Xero org.
authorization.php
callback.php
authorizedResource.php
storage.php
Configuration
The storage.php
is a simple recommendation. In your own app you should be securely persisting the token set data in relation to the user who has authenticated the Xero API connection. Each time you want to call the Xero API you will need to access the previously generated token set, initialize it on the SDK client
, and refresh the access_token
prior to making API calls.
Token Set
key | value | description |
---|---|---|
id_token: | "xxx.yyy.zzz" | OpenID Connect token returned if openid profile email scopes accepted |
access_token: | "xxx.yyy.zzz" | Bearer token with a 30 minute expiration required for all API calls |
expires_in: | 1800 | Time in seconds till the token expires - 1800s is 30m |
refresh_token: | "XXXXXXX" | Alphanumeric string used to obtain a new Token Set w/ a fresh access_token - 60 day expiry |
scope: | "email profile openid accounting.transactions offline_access" | The Xero permissions that are embedded in the access_token |
Custom Connections
Custom Connections are a Xero premium option used for building M2M integrations to a single organisation. A custom connection uses OAuth2.0's client_credentis
grant which eliminates the step of exchanging the temporary code for a token set.
We also have a starter application for more code samples of this auth flow in PHP.
To use this SDK with a Custom Connections:
Because Custom Connections are only valid for a single organisation you don't need to pass the xero-tenant-id
as the first parameter to every method, or more specifically for this SDK xeroTenantId
can be an empty string.
App Store Subscriptions
If you are implementing subscriptions to participate in Xero's App Store you will need to setup App Store subscriptions endpoints.
When a plan is successfully purchased, the user is redirected back to the URL specified in the setup process. The Xero App Store appends the subscription Id to this URL so you can immediately determine what plan the user has subscribed to through the subscriptions API.
With your app credentials you can create a client via client_credentials
grant_type with the marketplace.billing
scope. This unique access_token will allow you to query any functions in appStoreApi
. Client Credentials tokens to query app store endpoints will only work for apps that have completed the App Store on-boarding process.
You should use this subscription data to provision user access/permissions to your application.
App Store Subscription Webhooks
In additon to a subscription Id being passed through the URL, when a purchase or an upgrade takes place you will be notified via a webhook. You can then use the subscription Id in the webhook payload to query the AppStore endpoints and determine what plan the user purchased, upgraded, downgraded or cancelled.
Refer to Xero's documenation to learn more about setting up and receiving webhooks.
https://developer.xero.com/documentation/guides/webhooks/overview/
API Clients
You can access the different API sets and their available methods through the following API sets:
- AccountingApi
- AssetApi
- ProjectApi
- FilesApi
- PayrollAuApi
- PayrollNzApi
- PayrollUkApi
- AppStoreApi
Or for the Assets API:
Full method docs can be browsed here: https://xeroapi.github.io/xero-php-oauth2/docs/v2/accounting/index.html
SDK conventions
Accessing HTTP Headers
Every function has with it a more verbose WithHttpInfo
option in case you need to build logic around any request headers.
For example:
getInvoices
->getInvoicesWithHttpInfo
getContacts
->getContactsWithHttpInfo
This will return an array of 3 elements from the HTTP request.
- The object deserialized via the accounting object
- The HTTP status code
- The Response Headers
$apiResponse: {"Content-Type":["application\/json; charset=utf-8"],"Content-Length":["2116"],"Server":["nginx"],"Xero-Correlation-Id":["9a8fb7f7-e3e6-4f66-a170-88effabe9f4e"],"X-AppMinLimit-Remaining":["9997"],"X-MinLimit-Remaining":["57"],"X-DayLimit-Remaining":["4954"],"Expires":["Fri, 23 Jul 2021 17:32:31 GMT"],"Cache-Control":["max-age=0, no-cache, no-store"],"Pragma":["no-cache"],"Date":["Fri, 23 Jul 2021 17:32:31 GMT"],"Connection":["keep-alive"],"X-Client-TLS-ver":["tls1.3"]}
JWT decoding and Signup with Xero
Looking to implement Signup with Xero? We've added built in decoding and verification for both Access tokens and ID token in xero-php-oauth2.
Json Web Tokens (JWT) claims are pieces of information asserted about a subject.
The code below shows how to securely read claims about the access token (a user authentication) and abut the id token (a user's identity & profile).
Methods to access Dates in Accounting have changed since version 2.x
Both our Accounting and AU Payroll APIs use Microsoft .NET JSON format i.e. "\/Date(1439434356790)\/". Our other APIs use standard date formatting i.e. "2020-03-24T18:43:43.860852". Building our SDKs from OpenAPI specs with such different date formats has been challenging.
For this reason, we've decided dates in MS .NET JSON format will be strings with NO date or date-time format in our OpenAPI specs. This means developers wanting to use our OpenAPI specs with code generators won't run into deserialization issues trying to handle MS .NET JSON format dates.
The side effect is accounting and AU payroll models now have two getter methods. For example, getDateOfBirth() returns the string "\/Date(1439434356790)\/" while getDateOfBirthAsDate() return a standard date "2020-05-14". Since you can override methods in Java setDateOfBirth() can accept a String or a LocalDate.
Contributing
PRs, issues, and discussion are highly appreciated and encouraged. Note that the majority of this project is generated code based on Xero's OpenAPI specs - PR's will be evaluated and pre-merge will be incorporated into the root generation templates.
Versioning
We do our best to keep OS industry semver
standards, but we can make mistakes! If something is not accurately reflected in a version's release notes please let the team know.
Participating in Xero’s developer community
This SDK is one of a number of SDK’s that the Xero Developer team builds and maintains. We are grateful for all the contributions that the community makes.
Here are a few things you should be aware of as a contributor:
- Xero has adopted the Contributor Covenant Code of Conduct, we expect all contributors in our community to adhere to it
- If you raise an issue then please make sure to fill out the github issue template, doing so helps us help you
- You’re welcome to raise PRs. As our SDKs are generated we may use your code in the core SDK build instead of merging your code
- We have a contribution guide for you to follow when contributing to this SDK
- Curious about how we generate our SDK’s? Have a read of our process and have a look at our OpenAPISpec
- This software is published under the MIT License
For questions that aren’t related to SDKs please refer to our developer support page.
All versions of xero-php-oauth2 with dependencies
ext-curl Version *
ext-json Version *
ext-mbstring Version *
guzzlehttp/guzzle Version ^6.2 | ^7.0
league/oauth2-client Version ^2.5.0
firebase/php-jwt Version ^5.0